A small, hand-picked team. We focus on the cyber hygiene work that prevents most breaches: asset management, patching, vulnerability remediation, configuration drift remediation. We run it on time, week in, week out.
Most breaches don't come from clever attackers. They come from something basic that wasn't done. 500,000 endpoints under management today, growing month-on-month.
2025 logged more than 48,000 unique vulnerabilities: a record, and a step-change on every prior year (NVD). With each new generation of LLM, we expect that figure to double or triple. AI-assisted research, reverse-engineering and disclosure are about to compress the window between a vendor advisory and a working exploit from weeks to hours.
Manual remediation cannot keep up. The only viable response is automated maintenance, applied everywhere, reliably, in shorter cycles. Find the asset, apply the patch, verify the fix. Hundreds of thousands of endpoints, every week.
That's how we run our managed services. It's why we've spent a decade arguing that hygiene is the work, not the precondition for it.
Most vulnerability programmes don't fail at remediation. They fail at the handover. New CVEs land. Vulnerability management opens a ticket per affected asset, or exports a spreadsheet, and sends it across. An ops team that already has a day job (keeping the business running) now spends half its week triaging the avalanche.
That's not an IT problem to fix. It's ours. The work that gets done is the work that arrives prioritised and simplified: one action, not one ticket per finding. We do the de-duplication, the call on what matters this week, the conversation with IT about what they can absorb. What reaches the patching queue is a decision they can execute, not a workload they have to plan.
Across our managed-service estates today, on weekly and monthly automated cycles. Growing month-on-month.
Source · endpointX field data, may 2026Of CVEs published each year. The other 94% are maintenance, not emergencies.
Source · FIRST EPSS · CyentiaMore endpoints turn up in a discovery scan than the CMDB thinks exist.
Source · endpointX field dataMandated window for high or critical patches.
Source · NCSC · publicStrategy, programme design, governance models. We put the operating model around the tool, not the other way round.
ii. Professional ServicesDeployment, integration, optimisation. Tanium from zero to managed in 90 days. CMDB integrations that actually move data.
iii. Managed ServicesWe run it. Long-term. Patching, vulnerability management, configuration drift: all of it, week in, week out, with reporting you can take to the board.
iv. Software PartnersTanium, Wiz, CyberArk, Microsoft, ServiceNow, Axonius, Forescout. A small, deliberate roster of platforms we know at production depth.
Within two patch cycles we deployed the platform, rolled out the agent across 25,000 workstations and servers, and brought automated patching live: OS and third-party, on the same cadence. The 500,000-vulnerability backlog that had built up under manual patching cleared across the first two months.
From there, an ongoing cadence: workstations weekly, Windows servers split across Patch Tuesday week and the two weekends after. New high and critical patches now hold inside the Cyber Essentials Plus 14-day window, with tiered reporting from board down to application owner.
Read the case studyWe're happy to talk before you've decided you have a problem. Most of the work we end up doing starts there.
Talk to us[email protected]
LinkedIn · @endpointX